Received: by 10.192.165.148 with SMTP id m20csp4733080imm;
        Tue, 24 Apr 2018 07:35:15 -0700 (PDT)
X-Google-Smtp-Source: AIpwx48BOzqztmwpnfhv71OauU4eEaK8fRbL6fxK9C4sFWANTXCQlXxkC0+fjGcibEYtaodSaCPd
X-Received: by 10.98.61.84 with SMTP id k81mr24190693pfa.193.1524580514973;
        Tue, 24 Apr 2018 07:35:14 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1524580514; cv=none;
        d=google.com; s=arc-20160816;
        b=db1f7jGaipsj2bSTzFS32f1feVc/xGEhzkG2hnkntZHhVjQ4s2+yfJaqpQ9+NWPAFm
         hhkn/SVImrNLDVbCAwFQnUar4CtTF1ZdBSbiWJHbqOR4FTETvXirE2SD4mmGmywJ2JxD
         8sCV5CE5r0/pabzFEUjIR1nzwJOC+4fKzIsuJFcvqcAAZl+T/UhNcE4GvHr5+Hx59ex1
         SeXDDYay9fqMH4GuM8c90E+2x/eJFrGslZ8ppT2RVx2EjuPxi4hWHCJH/Zg2o7Yqf4vq
         Hr/hm9XIeYQVvjXmLl/AIkxc7Sz3hvkS1W2KbdgSboyIAkUueLKwKQMlEuYtNDjegXzX
         L9Gg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding
         :content-language:in-reply-to:mime-version:user-agent:date
         :message-id:from:references:cc:to:subject:dkim-signature
         :arc-authentication-results;
        bh=5k3+52svuTUdaEOmMtJOQseXhUZJdmtrkWUdMfYTV78=;
        b=MJ1UOK3FT1krsHlV957ZsdARwUt4jedOdADe6FqSU3+zONmT7rxxPZO0uQItuOr/Zi
         WMj6CA6kFmFo6l4/6DR7M6v8hYme1YckrcWC2G7Id0YjgUEuqc3qMBZAyB29N14jyIT9
         DRFLmuKaaPsshCcHSN1BLA/E9oeh51o+UC8JJi2araND+fQZ6/HAL+lAKabqkGnN3jzy
         ppPWJqatTUFSGHvkxgQn27weraCNYoE+twqMI5gFvYkD5cE4G2GvB63aTYZzA+jZa7dP
         xtczY/Ui4M8M/KLwZKIqD0FjkB7HaG2WEMXRiWilfLT6CzaK/xOogdvezLBBL3MhQ4Fc
         HfIA==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20161025 header.b=NofXWMWb;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id z84si14076451pfi.240.2018.04.24.07.34.59;
        Tue, 24 Apr 2018 07:35:14 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20161025 header.b=NofXWMWb;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1757558AbeDXMjR (ORCPT <rfc822;huangweiredhat@gmail.com>
        + 99 others); Tue, 24 Apr 2018 08:39:17 -0400
Received: from mail-it0-f45.google.com ([209.85.214.45]:50463 "EHLO
        mail-it0-f45.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1752892AbeDXMjO (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 24 Apr 2018 08:39:14 -0400
Received: by mail-it0-f45.google.com with SMTP id p3-v6so14764297itc.0;
        Tue, 24 Apr 2018 05:39:14 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=subject:to:cc:references:from:message-id:date:user-agent
         :mime-version:in-reply-to:content-language:content-transfer-encoding;
        bh=5k3+52svuTUdaEOmMtJOQseXhUZJdmtrkWUdMfYTV78=;
        b=NofXWMWb9U31o1XpJb0HjSIMHp8ygDpR0i2Sg6ebSaIPPf3/ee4iSPQYW4A5wRfzo8
         GSJz/T4suUKnPcgZRCdBiqcqWNJ0H4ZOlUznKcO+W/WHkDKdSgfuXZL5+V568jlcmGmS
         jvSqI/+EO+hUIIt0XJ5diTJ9zgglt8Rl8HhpDz53vY9HctlA7nTGaQb1LBLUOigyd2K9
         K6wEr3ExnLo0YiIFW8d6XLwzpsk7VqMNk39WP6W3Tl3TedraRv8bawk+uTvXN4IMCMJq
         DPJNRfbWC/Mq0S5r95AC0qViztFWT8H3tmRXl9rK9XCWbitwfrlaNI13LmsgfaCmzSI8
         I54A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:subject:to:cc:references:from:message-id:date
         :user-agent:mime-version:in-reply-to:content-language
         :content-transfer-encoding;
        bh=5k3+52svuTUdaEOmMtJOQseXhUZJdmtrkWUdMfYTV78=;
        b=b2PSfmKhOWVvwf+JfKYDfEry5xJiC4luDVisLkzkOqoiRUt/90hBIq+OdySCtYZF7V
         D4584DWmxbsOQpEXwsCCoo3PJjosCaz4LEopBg7giAV3kqPIGfhG9cX+ST7iYXD7q+G0
         TFryYtITKEX73lU1GzrU9ZVfx3D1YInNL8Iuvwzyx+B7lG4kVgJ9S6InjaeULcWIsCuX
         nJBKrBX6SEdpNcnClZTDFJnkOTKeateM/y25nezb2U3nKZBeGbORQqXr37AjG4rNA4gP
         3y2LNsu3hfTl7WSJttIbO3AcNn2vsSMLakiNJ+04WYq04Dvk4zn4KrGBfKGzODkc3cDZ
         6DoA==
X-Gm-Message-State: ALQs6tB4tBqGu6VxS8DUlaqYSyio0MM2Tgpz+zXCtLYiuf/eLfxF22b3
        WnOx5/9c3UWBh+7VVPcjQOM0t/AB6t0=
X-Received: by 2002:a24:b25c:: with SMTP id h28-v6mr1590691iti.23.1524573554086;
        Tue, 24 Apr 2018 05:39:14 -0700 (PDT)
Received: from [192.168.0.54] (174-23-152-165.slkc.qwest.net. [174.23.152.165])
        by smtp.gmail.com with ESMTPSA id v128-v6sm5164742itg.14.2018.04.24.05.39.12
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Tue, 24 Apr 2018 05:39:13 -0700 (PDT)
Subject: Re: [PATCH 7/9] Pmalloc Rare Write: modify selected pools
To:     lazytyped <lazytyped@gmail.com>,
        Matthew Wilcox <willy@infradead.org>
Cc:     keescook@chromium.org, paul@paul-moore.com, sds@tycho.nsa.gov,
        mhocko@kernel.org, corbet@lwn.net, labbott@redhat.com,
        david@fromorbit.com, rppt@linux.vnet.ibm.com,
        linux-security-module@vger.kernel.org, linux-mm@kvack.org,
        linux-kernel@vger.kernel.org, kernel-hardening@lists.openwall.com,
        Igor Stoppa <igor.stoppa@huawei.com>,
        Carlos Chinea Perez <carlos.chinea.perez@huawei.com>,
        Remi Denis Courmont <remi.denis.courmont@huawei.com>
References: <20180423125458.5338-1-igor.stoppa@huawei.com>
 <20180423125458.5338-8-igor.stoppa@huawei.com>
 <20180424115050.GD26636@bombadil.infradead.org>
 <eb23fbd9-1b9e-8633-b0eb-241b8ad24d95@gmail.com>
From:   Igor Stoppa <igor.stoppa@gmail.com>
Message-ID: <c5344284-f205-8465-0b04-f6da96e21609@gmail.com>
Date:   Tue, 24 Apr 2018 16:39:11 +0400
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101
 Thunderbird/52.7.0
MIME-Version: 1.0
In-Reply-To: <eb23fbd9-1b9e-8633-b0eb-241b8ad24d95@gmail.com>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org



On 24/04/18 16:32, lazytyped wrote:
> 
> 
> On 4/24/18 1:50 PM, Matthew Wilcox wrote:
>> struct modifiable_data {
>> 	struct immutable_data *d;
>> 	...
>> };
>>
>> Then allocate a new pool, change d and destroy the old pool.
> 
> With the above, you have just shifted the target of the arbitrary write
> from the immutable data itself to the pointer to the immutable data, so
> got no security benefit.
> 
> The goal of the patch is to reduce the window when stuff is writeable,
> so that an arbitrary write is likely to hit the time when data is read-only.

Indeed, that was my - poorly explained, I admit it - idea.

For example, that's the reason why I am remapping one page at a time in 
a loop, instead of doing the whole array, to limit exposure and increase 
randomness.

WRT the implementation, I'm sure there are bugs that need squashing.

But if I have overlooked some aspect in the overall design, I need 
guidance, because i still do not see what I am missing :-(

--
igor